Check Point Response to CVE-2015-0235 (glibc - GHOST)
Solution

Background

CVE-2015-0235 is a critical vulnerability in glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc functions for DNS resolution. A remote attacker who is able to make an application call either of these functions may be able to exploit this flaw to execute arbitrary code with the permissions of the user running the application.
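To find which applications on a Linux host call the two functions named above, one approach is to list the dynamic symbols each binary imports. The script below is an added example, not Check Point code; the names imported_symbols and affected_imports are hypothetical. It assumes 64-bit little-endian ELF files and does not see statically linked binaries or functions resolved at run time with dlsym(), so a hit marks a candidate for review, not proof of exposure.

```python
import struct
import sys

# Resolver entry points named in the advisory above.
AFFECTED = {"gethostbyname", "gethostbyname2"}
SHT_DYNSYM = 11  # section type of the dynamic symbol table


def imported_symbols(data: bytes) -> set:
    """Names of undefined (imported) dynamic symbols in an ELF64 LE image."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("not a 64-bit little-endian ELF file")
    shoff, = struct.unpack_from("<Q", data, 0x28)            # e_shoff
    shentsize, shnum = struct.unpack_from("<HH", data, 0x3A)  # e_shentsize, e_shnum
    sections = []
    for i in range(shnum):
        # sh_name, sh_type, sh_flags, sh_addr, sh_offset, sh_size, sh_link, sh_info
        s = struct.unpack_from("<IIQQQQII", data, shoff + i * shentsize)
        sections.append({"type": s[1], "offset": s[4], "size": s[5], "link": s[6]})
    names = set()
    for sec in sections:
        if sec["type"] != SHT_DYNSYM:
            continue
        strtab = sections[sec["link"]]  # string table holding the symbol names
        for off in range(sec["offset"], sec["offset"] + sec["size"], 24):
            st_name, _info, _other, st_shndx = struct.unpack_from("<IBBH", data, off)
            if st_shndx != 0 or st_name == 0:  # defined in this file, or unnamed
                continue
            start = strtab["offset"] + st_name
            names.add(data[start:data.index(b"\0", start)].decode("ascii", "replace"))
    return names


def affected_imports(data: bytes) -> set:
    """Subset of AFFECTED that this ELF image imports from a shared library."""
    return imported_symbols(data) & AFFECTED


if __name__ == "__main__":
    for path in sys.argv[1:]:
        try:
            with open(path, "rb") as fh:
                hits = affected_imports(fh.read())
        except (OSError, ValueError, IndexError, struct.error) as exc:
            print(f"{path}: skipped ({exc})")
            continue
        print(f"{path}: {', '.join(sorted(hits)) or 'no affected imports'}")
```

Pass one or more file paths as arguments; each line of output names the file and the affected functions it imports.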

Table of Contents:

  • IPS Protection
  • OS Level Protection
  • Hotfix Packages
  • Revision History

 

IPS Protection

Check Point released the "GNU C Library gethostbyname Buffer Overflow" IPS protection to protect customer environments.
This protection is part of the Recommended_Protection profile. It enables organizations to add a layer of protection to their network while updating their systems with vendor-provided patches.

  1. CVEs

    The IPS protection covers the following CVEs:

    • CVE-2015-0235


  2. How can IPS best protect my environment?

    Verify that the protection is set to "Prevent" mode in all IPS profiles.

    To enable the "GNU C Library gethostbyname Buffer Overflow" IPS protection in Prevent mode: right-click the protection, click 'Prevent on All Profiles', and install the policy on all Security Gateways.

 

OS Level Protection

  • IPSO OS is not vulnerable.
  • While Check Point Gaia OS and SecurePlatform OS may be susceptible to CVE-2015-0235, there are no known exploits against Check Point software.

Nevertheless, Check Point recommends installing the hotfixes provided below.

 

Hotfix Packages

The fix for this issue is included in:

 

This article provides hotfix packages for R77.20, R77.10, R77, R76, R75.47, R75.46, R75.45 and R75.40.

Notes:

Instructions:

Make sure to take a snapshot of your Check Point machine before installing this hotfix:

Should you encounter issues during this procedure, contact Check Point Support.

 

Revision History


Date         Description
09 Mar 2016  Added a list of versions and Jumbo Hotfix Accumulator, in which this fix was integrated
05 Mar 2015  Added Hotfixes for X-Series
24 Feb 2015  Added Hotfixes for Gaia and SecurePlatform R75.46, R75.45 and R75.40
18 Feb 2015  Added Hotfix for 600 / 1100 / Security Gateway 80 appliances (Gaia Embedded OS)
12 Feb 2015  Added links to CPUSE offline packages
10 Feb 2015  Added hotfix for Security Gateway R77.10 VE
04 Feb 2015  Added detailed instructions and notes
29 Jan 2015  Added hotfixes for Gaia and SecurePlatform R75.47, R76, R77, R77.10 and R77.20
27 Jan 2015  First release of this article

Applies To:
  • 01569696, 01574529, 01573876, 01571648, 01570266, 01570308, 01572857, 01570267, 01602898, 01570321, 01570318, 01570319, 01575439, 01626413, 01569843, 01569777, 01570265, 01572987, 01572986, 01575579, 01571970, 01573793, 01583541, 01573079, 01680299, 01574546, 01575432, 01575436, 01575441, 01574133, 01571657, 01569850, 01570243, 01570323, 01569780, 01571661, 01602840, 01569962
